alix-graphql-mcp-read-write-tool

v0.1.0 suspicious
4.0
Medium Risk

Read/write MCP tool for the Alix GraphQL API. Scopes every operation to an estate id; permits queries and mutations.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package has moderate risk due to incomplete metadata and low maintainer activity, despite showing no signs of immediate malicious behavior.

  • Metadata risk of 6/10 due to incomplete metadata and low maintainer activity.
  • Network risk of 3/10 due to potential API key usage.
Per-check LLM notes
  • Network: The presence of network calls suggests the package interacts with an external API using an API key, which is common for legitimate services but requires careful management to prevent unauthorized access.
  • Shell: No shell execution patterns were detected, indicating low risk of direct system command execution.
  • Obfuscation: No obfuscation patterns detected, indicating low risk of malicious intent.
  • Credentials: No credential harvesting patterns detected, suggesting safe handling of sensitive information.
  • Metadata: The package shows signs of low maintainer activity and incomplete metadata, raising concerns about its legitimacy and potential security issues.

📦 Package Quality Overall: Low (2.0/10)

○ Low Test Suite 1.0

No test suite detected

  • No test files or test-runner configuration detected
○ Low Documentation 1.0

No documentation detected

  • No documentation URL, doc files, or meaningful description found
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 9 type-annotated function signatures (partial)
○ Low Multiple Contributors 1.0

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked — contributor count unavailable

🔬 Heuristic Checks

Outbound Network Calls score 1.5

Found 1 network call pattern(s)

  • on": api_key, } with httpx.Client(timeout=timeout) as client: response = client.post(e
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found
Maintainer History score 8.0

4 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with alix-graphql-mcp-read-write-tool 
Create a mini-application named 'EstateManager' that leverages the 'alix-graphql-mcp-read-write-tool' Python package to manage properties within a specific estate. This application should allow users to perform CRUD operations on property records through a simple command-line interface (CLI). Each property record will be scoped to a unique estate ID, ensuring that all operations are contextually relevant.

### Features:
1. **Property Listing**: Display a list of all properties within the specified estate.
2. **Add Property**: Allow users to add new property records to the estate database.
3. **Update Property**: Provide functionality to update existing property records.
4. **Delete Property**: Implement a feature to delete property records from the estate database.
5. **Search Properties**: Enable users to search for properties based on criteria such as property type, price range, etc.
6. **Estate Switching**: Allow users to switch between different estates to manage their properties.

### Utilizing 'alix-graphql-mcp-read-write-tool':
- Use the package to connect to the Alix GraphQL API, ensuring that all interactions are authenticated and scoped to the correct estate ID.
- Leverage the package's query and mutation capabilities to read and write data to the estate's property records.
- Implement error handling to gracefully manage any issues encountered during API interactions, such as network errors or validation failures.

### Implementation Steps:
1. **Setup Project Environment**: Initialize a Python virtual environment and install necessary packages including 'alix-graphql-mcp-read-write-tool'.
2. **Authentication**: Set up authentication mechanisms to securely interact with the API using valid credentials.
3. **CLI Development**: Develop a CLI interface that supports commands for listing, adding, updating, deleting, and searching properties.
4. **Data Handling**: Ensure that input data is validated and formatted correctly before sending requests to the API.
5. **Testing**: Write tests to validate that each feature works as expected under various conditions.
6. **Documentation**: Prepare documentation detailing how to use the CLI and configure it for different estates.
7. **Deployment**: Package the application for distribution, allowing others to easily install and use 'EstateManager'.

💬 Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!